aws / aws-cdk

The AWS Cloud Development Kit is a framework for defining cloud infrastructure in code
https://aws.amazon.com/cdk
Apache License 2.0

aws-cdk-lib: Facing iam error on bootstrap #23097

Closed satyamkondle closed 1 year ago

satyamkondle commented 1 year ago

Describe the bug

Created a new TypeScript CDK app. When trying to bootstrap my account using the command:

cdk bootstrap xxx/us-east-1

Facing this error:

TypeError: Cannot read properties of undefined (reading 'length')
    at my_project_folder/node_modules/cdk-constructs/node_modules/aws-cdk-lib/aws-iam/lib/policy-statement.js:2:7672
    at Array.map ()
    at count (my_project_folder/node_modules/cdk-constructs/node_modules/aws-cdk-lib/aws-iam/lib/policy-statement.js:2:7626)
    at PolicyStatement._estimateSize (my_project_folder/node_modules/cdk-constructs/node_modules/aws-cdk-lib/aws-iam/lib/policy-statement.js:2:7308)
    at my_project_folder/node_modules/cdk-constructs/node_modules/aws-cdk-lib/aws-iam/lib/policy-document.js:1:3377
    at Array.map ()
    at PolicyDocument._splitDocument (my_project_folder/node_modules/cdk-constructs/node_modules/aws-cdk-lib/aws-iam/lib/policy-document.js:1:3365)
    at Role.splitLargePolicy (my_project_folder/node_modules/cdk-constructs/node_modules/aws-cdk-lib/aws-iam/lib/role.js:1:9495)
    at Object.visit (my_project_folder/node_modules/cdk-constructs/node_modules/aws-cdk-lib/aws-iam/lib/role.js:1:3024)
    at recurse (my_project_folder/node_modules/aws-cdk-lib/core/lib/private/synthesis.js:1:1848)

More details

AWS credentials are provided in the [default] profile in the .aws/credentials file.

The --verbose option prints the env correctly: [10:50:26] env: { CDK_DEFAULT_REGION: 'us-east-1', CDK_DEFAULT_ACCOUNT: 'xxxxx', CDK_OUTDIR: 'cdk.out', CDK_CLI_ASM_VERSION: '21.0.0', CDK_CLI_VERSION: '2.51.1' }

Calling "aws sts get-caller-identity" also shows the proper account name and role (admin).

Expected Behavior

Bootstrap to work.

Current Behavior

Bootstrap not working

Reproduction Steps

Possible Solution

What am I missing?

Additional Information/Context

No response

CDK CLI Version

2.51.1

Framework Version

No response

Node.js Version

16.18.1

OS

Mac

Language

Typescript

Language Version

No response

Other information

No response

satyamkondle commented 1 year ago

Update: Bootstrap issue got resolved after I ran the same command "cdk bootstrap xxx/us-east-1" from a folder outside my cdk app. The problem was in my cdk app. But why should the problem in my app affect the bootstrap process?? This is very confusing and misleading. Keeping open to answer that question.

peterwoodworth commented 1 year ago

It looks to me like this is some error with your CDK app specifically. Can you run cdk bootstrap aws://123456789012/us-east-1 in an empty directory?

github-actions[bot] commented 1 year ago

This issue has not received a response in a while. If you want to keep this issue open, please leave a comment below and auto-close will be canceled.

chrisuehlinger-techslice commented 6 months ago

@satyamkondle What was the problem in your CDK app? I'm running into this right now with an Amplify Gen 2 app and this is the only place on the internet with the same stacktrace.

Edit: I solved my problem. In case anyone comes across this: I had been pulling SSM parameters and using them to populate strings throughout my CDK app, but didn't know that GetParametersByPath had a max page size of 10, so some of my parameter values were undefined, leading to broken IAM policies in places where they were referenced. Once I accounted for this the problem was solved.

CodeSammich commented 4 months ago

In my case, I had a missing parameter in a config file that ended up feeding into CDK. Someone added to the mainline, I pulled. "Token" in this policy seems to be referring to word tokens, like a parameter.
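
The two root causes reported above (a paginated GetParametersByPath result read only from its first page, and a parameter missing from a config file) both put `undefined` into values that later reach an IAM `PolicyStatement`. The following is an added example, not code from any commenter or from the aws-cdk project: it follows `NextToken` to the end and fails with the missing names before synthesis. `FetchPage`, `getAllByPath`, `missingKeys`, `requireParams` and the `/app/param*` names are hypothetical, and the client is a constructed stand-in so the block runs offline.

```typescript
// Field names mirror the SSM GetParametersByPath request/response shape.
interface Page { Parameters?: { Name?: string; Value?: string }[]; NextToken?: string }
type FetchPage = (req: { Path: string; Recursive: boolean; NextToken?: string }) => Promise<Page>;

// Follow NextToken until it is absent; a single call returns only the first page.
async function getAllByPath(fetchPage: FetchPage, path: string): Promise<Record<string, string>> {
  const out: Record<string, string> = {};
  let token: string | undefined;
  do {
    const page = await fetchPage({ Path: path, Recursive: true, NextToken: token });
    for (const p of page.Parameters ?? []) {
      if (p.Name !== undefined && p.Value !== undefined) out[p.Name] = p.Value;
    }
    token = page.NextToken;
  } while (token);
  return out;
}

// Names the app expects but did not receive (absent or empty).
function missingKeys(params: Record<string, string>, required: string[]): string[] {
  return required.filter((k) => typeof params[k] !== "string" || params[k].length === 0);
}

// Fail with the missing names before any value reaches an IAM policy statement.
function requireParams(params: Record<string, string>, required: string[]): Record<string, string> {
  const missing = missingKeys(params, required);
  if (missing.length > 0) throw new Error(`Missing parameters: ${missing.join(", ")}`);
  return params;
}

// Constructed stand-in for the SSM client: 12 parameters, served 10 per page.
const SAMPLE_NAMES: string[] = [];
for (let i = 0; i < 12; i++) SAMPLE_NAMES.push(`/app/param${i}`);

const fakeFetchPage: FetchPage = async (req) => {
  const start = req.NextToken ? Number(req.NextToken) : 0;
  const names = SAMPLE_NAMES.slice(start, start + 10);
  return {
    Parameters: names.map((n) => ({ Name: n, Value: `value-of-${n}` })),
    NextToken: start + 10 < SAMPLE_NAMES.length ? String(start + 10) : undefined,
  };
};
```

Calling `requireParams(await getAllByPath(client, path), expectedNames)` at the top of the app turns the opaque `reading 'length'` TypeError into an error that names the absent parameters.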